RED × BLUE = PURPLE

Your autonomous purple team.

Red teams find the holes. Blue teams close them. unpwnd does both on every scan — it proves a vulnerability with a source→sink exploit path, then hands your engineers the fix to ship. One loop, no handoff.

Red team · offense

It finds what’s exploitable.

The agent thinks like an attacker — hunting the reachable, provable bugs, not theoretical lint.

Confirmed source→sink pathsuntrusted input → dangerous sink, with evidence at each hop
OWASP Top 10 & CWE familiesinjection, access control, SSRF, deserialization, secrets
Ranked by real riskcritical → high → medium → low, impact × exploitability
Blue team · defense

It ships you the fix.

Every finding closes with remediation your team can apply immediately — and you choose how often unpwnd checks back in.

Paste-ready fix promptsself-contained handoff for a coding agent or a PR
Choose your own cadenceweekly or bi-weekly — catch regressions on your next audit
Resolve & trackmark findings fixed or dismissed — with an audit trail
// the loop closes itself

Attack, prove, remediate — every scan.

The gap between “we found something” and “we fixed it” is where breaches live. unpwnd closes it in one pass.

finding — CWE-347 / A02 · JWT alg:none accepted
# RED — the exploit path routes/login.ts:42 ← untrusted: req.body.token lib/jwt.ts:19 decode() without verify() lib/jwt.ts:27 SINK: alg "none" accepted → forged token trusted # BLUE — the fix (paste-ready) "In lib/jwt.ts, reject any token whose header alg is 'none'. Pin the expected algorithm — jwt.verify(token, key, { algorithms: ['HS256'] }) — and add a test asserting a forged alg:none token is refused."
// stand up your purple team

Offense and defense, on every commit.

Connect a repository and get proven findings — each one with the fix already written.

Purple Team · unpwnd